Data Protection

Privacy Policy

Please read this policy carefully to understand how we collect, use, and protect your data across the Live Incident Platform, Mobile App, and AI Assist tools.

Last Updated & Effective: April 15, 2026

Code 3 Rescue Tech, LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Live Incident Platform v2.0 Command Center, the Code 3 Rescue mobile application for iOS and Android, our Guest QR reporting web app, and our Code 3 Assist AI tools (collectively, the "Service").

1. Information We Collect

We collect different types of information depending on whether you are a member of the public reporting an incident, an authorized staff member, or a command center operator.

For Public Users (Guest QR Reporting)

  • Incident Information: We collect the type of emergency (e.g., Medical, Security) and a text description of the emergency you are reporting via the web portal.
  • Location Information: With your browser's permission, we collect your precise real-time location (GPS coordinates) to dispatch help effectively to the Command Center map. You may also provide a manual text description.
  • Personal Information (Optional): You may choose to provide your name, age, and phone number. This information is optional but highly recommended for first responders.

For Staff Users (Mobile App & Command Center)

  • Account Information: To create and manage your staff account, we collect your email address, securely hashed password, and organization ID.
  • Profile Information: We store your display name, role (e.g., "Medic," "Security Lead," "Command"), and assigned unit ID to provide you with the correct permissions.
  • Code 3 Assist (AI) Queries: When operators utilize the Code 3 Assist Co-Pilot, we collect the text prompts and queries submitted to generate protocols, checklists, or incident narratives.
  • Address Book & Contacts (Safety Timer): When using the Field Team Safety Timer feature, you may choose an emergency contact from your device. We do not access, upload, or store your entire address book. We only access the single contact you explicitly select to send an automated SMS alert if your timer expires.

Information Collected Automatically

  • Device and Usage Information: We automatically collect a Firebase Cloud Messaging (FCM) token from your device. This is a unique, anonymous identifier that allows us to send you critical push notifications.
  • On-Device Data: The App stores certain preferences locally on your device (such as your designated favorite venue). This information is not transmitted to our servers.

2. How We Use Your Information

We use the information we collect strictly to operate the Code 3 Rescue incident management ecosystem:

  • To Provide Emergency Routing: To transmit incident reports, live locations, and personal details to the Command Center Dashboard and the mobile devices of dispatched field staff.
  • Live Command Mapping: For authorized staff members, we use background location tracking to cluster active units on the Live Incident Platform dashboard, allowing operators to deploy the closest available responder.
  • AI Assist Generation: We use the details submitted to Code 3 Assist to rapidly query organizational protocols and format structured post-incident legal narratives. We do not use your organization's confidential Protected Health Information (PHI) to train overarching public AI models.
  • To Send Notifications: We use FCM tokens to trigger audible alarms, chat messages, and iOS Live Activities updates.

3. SMS and Text Messaging

If you opt-in to receive SMS updates when filing an emergency report, or if you designate an emergency contact in the mobile app Safety Timer, we will send automated text messages on your behalf via our communication partner (Twilio). By using these features, you acknowledge that standard message and data rates may apply. You or your contact may opt-out at any time by replying "STOP" to any message received.

4. Data Sharing and Disclosure

Your privacy is paramount. Your information is shared only with the authorized Command Center operators and Responders for the specific event or municipality you are interacting with. We do not sell, trade, or otherwise transfer your personal information to outside parties for marketing.

  • Third-Party Services: We use trusted third-party infrastructure to operate our platform securely:
    • Google Firebase: Used for our backend infrastructure (Authentication, Firestore Database, Cloud Storage, and Cloud Messaging).
    • Twilio: Used strictly for transmitting SMS alerts.
    • Open-Meteo: We send geographic coordinates to the Open-Meteo API for real-time dashboard weather widgets. No personal identifiers are linked to this ping.
  • IamResponding Integration: If your organization has enabled our native integration, active dispatch data and unit statuses may automatically securely sync between the Code 3 Rescue platform and IamResponding systems.
  • White-Label Enterprise: The Service is a white-label platform. Data you submit as a guest is managed by the event organizer or municipality that has subscribed to our service. Their handling of your data may also be governed by their own internal privacy policies.

5. Device Permissions

To ensure full functionality of the iOS and Android apps, we may request the following permissions. These are strictly required to pass App Store/Play Store guidelines and to function during an emergency:

  • Location Services (Foreground & Background): Essential for guest reporting. For authorized staff members, the app tracks your location in the background while you are "Checked-In" to ensure command center mapping is accurate and to route backup efficiently. Background tracking immediately stops when a staff member checks out.
  • Contacts: Required solely to allow you to select a contact for the Safety Timer feature.
  • Camera: Required to scan venue setup QR codes during onboarding and to operate the device's flashlight utility. We do not capture or transmit photos covertly.
  • Notifications & Live Activities: Required for staff to receive real-time incident alerts and to display active countdown timers on the iOS Lock Screen or Dynamic Island.
  • Biometric Authentication: If enabled, the App utilizes Face ID/Touch ID to secure access without transmitting biometric data to us.

6. Data Security & HIPAA Compliance

We implement enterprise-grade security measures to maintain the safety of your personal information. All data is transmitted over secure channels using TLS 1.3 encryption and is encrypted at rest using AES-256 encryption within the Google Firebase environment.

For medical, EMS, and enterprise clients processing Protected Health Information (PHI), we enter into formal Business Associate Agreements (BAA) to ensure full legal compliance with the Health Insurance Portability and Accountability Act (HIPAA).

7. Data Retention

Incident data, including any personal information you provide, is retained for the duration of the event/contract and for a limited period afterward as determined by the subscribing organization for official legal reporting and digital audit trails. After this mandated period, data is securely purged. Staff account data is retained for as long as your account remains active with a subscribing venue.

8. Your Rights & Choices

Because guest incident reports are utilized for in-the-moment emergency interventions, we do not offer a feature to recall or delete your report directly from your device after submission. If you have concerns about the data you submitted, you must contact the event organizer or venue directly.

  • Staff Users: To update your profile information, or to permanently delete your account and all associated historical data, you may use the "Delete Account" button located in your in-app Profile Settings, or contact your designated administrator.
  • Managing Permissions: You can manage or revoke the App's permissions (Location, Contacts, Camera) at any time in your iOS or Android system settings.

9. Children's Privacy

Our Service is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our platform (such as new AI or integration features). We will notify you of any changes by posting the new Privacy Policy within the App and on this page. You are advised to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, your data rights, or our HIPAA compliance standards, please contact our legal and support team at:

Code 3 Rescue Tech, LLC
Email: support@c3rescue.com
Website: c3rescue.com